EURUSD
Your shopping cart is empty.
CEN

EN 12251:2004

(Main)

Health informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords

Health informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords

This document is designed to improve the authentication of individual users of health care IT systems, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities.
This document applies to all information systems (hereafter called systems) within the health care environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this document include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information.
This document does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities.

Medizinische Informatik - Sichere Nutzeridentifikation im Gesundheitswesen - Management und Sicherheit für die Authentifizierung durch Passwörter

Informatique de santé - Sécurité de l'identification de l'utilisateur des soins de santé - Gestion et sécurité de l'authentification des mots de passe

Zdravstvena informatika – Varna identifikacija uporabnikov v zdravstvenem varstvu – Upravljanje in varnost avtentikacije z gesli

General Information

Status
Published
Publication Date
17-Aug-2004
Withdrawal Date
27-Feb-2005
ICS
35.240.80 - IT applications in health care technology
Technical Committee
CEN/TC 251 - Medical informatics
Drafting Committee
CEN/TC 251/WG 1 - Information models
Current Stage
9093 - Decision to confirm - Review Enquiry
Start Date
10-Mar-2021
Completion Date
17-Dec-2025
Ref Project
SIST EN 12251:2005 - Health informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords

Relations

Replaces
ENV 12251:2000 - Health informatics - Secure user identification for health care - Management and security of authentication by passwords
Effective Date
22-Dec-2008
EN 12251:2005EN 12251:2005
PreviousNext
Standard
EN 12251:2005
English language
13 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)


2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.Zdravstvena informatika – Varna identifikacija uporabnikov v zdravstvenem varstvu – Upravljanje in varnost avtentikacije z gesliMedizinische Informatik - Sichere Nutzeridentifikation im Gesundheitswesen - Management und Sicherheit für die Authentifizierung durch PasswörterInformatique de santé - Sécurité de l'identification de l'utilisateur des soins de santé - Gestion et sécurité de l'authentification des mots de passeHealth informatics - Secure User Identification for Health Care - Management and Security of Authentication by Passwords35.240.80Uporabniške rešitve IT v zdravstveni tehnikiIT applications in health care technologyICS:Ta slovenski standard je istoveten z:EN 12251:2004SIST EN 12251:2005en01-januar-2005SIST EN 12251:2005SLOVENSKI
STANDARDSIST ENV 12251:20031DGRPHãþD

EUROPEAN STANDARDNORME EUROPÉENNEEUROPÄISCHE NORMEN 12251August 2004ICS 35.240.80 English versionHealth informatics - Secure User Identification for Health Care -Management and Security of Authentication by PasswordsInformatique de santé - Sécurité de l'identification del'utilisateur des soins de santé - Gestion et sécurité del'authentification des mots de passeMedizinische Informatik - Sichere Nutzeridentifikation imGesundheitswesen - Management und Sicherheit für dieAuthentifizierung durch PasswörterThis European Standard was approved by CEN on 21 June 2004.CEN members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this EuropeanStandard the status of a national standard without any alteration. Up-to-date lists and bibliographical references concerning such nationalstandards may be obtained on application to the Central Secretariat or to any CEN member.This European Standard exists in three official versions (English, French, German). A version in any other language made by translationunder the responsibility of a CEN member into its own language and notified to the Central Secretariat has the same status as the officialversions.CEN members are the national standards bodies of Austria, Belgium, Cyprus, Czech Republic, Denmark, Estonia, Finland, France,Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Slovakia,Slovenia, Spain, Sweden, Switzerland and United Kingdom.EUROPEAN COMMITTEE FOR STANDARDIZATIONCOMITÉ EUROPÉEN DE NORMALISATIONEUROPÄISCHES KOMITEE FÜR NORMUNGManagement Centre: rue de Stassart, 36
B-1050 Brussels© 2004 CENAll rights of exploitation in any form and by any means reservedworldwide for CEN national Members.Ref. No. EN 12251:2004: ESIST EN 12251:2005

Potential password complexity requirements.10 Annex B (informative)
User responsibilities.11 Annex C (informative)
Password communication.12 Bibliography.13
1 Scope This document is designed to improve the authentication of individual users of health care IT systems, by strengthening the automatic software procedures associated with the management of user identifiers and passwords, without resorting to additional hardware facilities. This document applies to all information systems (hereafter called systems) within the health care environment that handle or store sensitive person identifiable health information, using passwords as the only means of authenticating the entered user identifier, i.e., verifying the claimed identity of a user. Systems that fall within the scope of this document include for example electronic patient record systems, patient administrative systems and laboratory systems, containing personal health information. This document does not apply to systems outside the health care environment. Neither does it apply to systems within the health care environment that use other means of identification and authentication, such as smart cards, biometric methods or other technical facilities. 2 Normative references
The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 7498-2, Information processing systems – Open systems interconnection – Basic reference model – Part 2: Security architecture 3 Terms and definitions For the purposes of this document, the following terms and definitions apply. 3.1
access control prevention of unauthorised use of a resource, including the prevention of use of a resource in an unauthorised manner 3.2 authentication process of verifying a claimed user identity, in this document on the basis of an entered user identifier and password 3.3 authentication information information used to establish the validity of a claimed identity [ISO 7498-2] 3.4
authorised user person who is given access rights to the system, i.e., person who is given a unique user identifier and an initial password, and by this is given
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

CEN
EN ISO 17117-1:2025(Main)
Health informatics - Terminological resources - Part 1: Characteristics (ISO 17117-1:2025)
kSIST FprEN ISO 17117-1:2025

This document defines universal and specialized characteristics of health terminological resources that make them fit for the purposes required of various applications. It covers only terminological resources that are primarily designed to be used for clinical concept representation or to those parts of other terminological resources designed to be used for clinical concept representation.
This document helps users to assess whether a terminology has the characteristics or provides the functions that will support their specified requirements. In order to do that, this document focuses on defining characteristics and functions of terminological resources in healthcare that can be used to identify different types of terminological resources for categorization purposes.
NOTE 1        Categorization of healthcare terminological systems according to the name of the system might not be helpful and has caused confusion in the past.
The following aspects are not covered in this document:
—     evaluations of terminological resources;
—     health service requirements for terminological resources and evaluation criteria based on the characteristics and functions;
—     the nature and quality of mappings between different terminologies;
NOTE 2        It is unlikely that a single terminology will meet all the terminology requirements of a healthcare organization: some terminology providers produce mappings to administrative or classification systems such as the International Classification of Diseases (ICD). The presence of such maps would be a consideration in the evaluation of the terminology.
—     the nature and quality of mappings between different versions of the same terminology;
NOTE 3        To support data migration and historical retrieval, terminology providers can provide maps between versions of their terminology. The presence of such maps would be a consideration in the evaluation of the terminology.
—     terminology server requirements and techniques and tools for terminology developers;
—     characteristics for computational biology terminology.

  • Draft
    29 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEEE 11073-10103:2025(Main)
Health informatics - Device interoperability - Part 10103: Nomenclature, implantable device, cardiac (ISO/IEEE 11073-10103:2025)
SIST EN ISO/IEEE 11073-10103:2025

This document extends the base nomenclature provided in ISO/IEEE 11073-10101:2020  to support terminology for implantable cardiac devices. Devices within the scope of this nomenclature are implantable devices such as pacemakers, defibrillators, devices for cardiac resynchronization therapy, and implantable cardiac monitors. This nomenclature defines the terms necessary to convey a clinically relevant summary of the information obtained during a device interrogation. The nomenclature extensions may be used in conjunction with other IEEE 11073 standard components (e.g., ISO/IEEE 11073-10201 [B2] ) or with other standards, such as Health Level Seven International (HL7).

  • Standard
    145 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEEE 11073-10425:2025(Main)
Health informatics - Device interoperability - Part 10425: Personal Health Device Communication - Device Specialization- Continuous Glucose Monitor (CGM) (ISO/IEEE 11073-10425:2024)
SIST EN ISO/IEEE 11073-10425:2025

This standard establishes a normative definition of communication between personal health continuous glucose monitor (CGM) devices (agents) and managers (e.g., cell phones, personal computers, personal health appliances, set top boxes) in a manner that enables plug-and-play interoperability. It leverages work done in other ISO/IEEE 11073 standards including existing terminology, information profiles, application profile standards, and transport standards. It specifies the use of specific term codes, formats, and behaviors in telehealth environments, restricting optionality in base frameworks in favor of interoperability. This standard defines a common core of communication functionality of CGM devices. In this context, CGM refers to the measurement of the level of glucose in the body on a regular (typically 5 minute) basis through a sensor continuously attached to the person.

  • Standard
    85 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEEE 11073-10471:2025(Main)
Health informatics - Device interoperability - Part 10471: Personal Health Device Communication - Device Specialization - Independent Living Activity Hub (ISO/IEEE 11073-10471:2024)
SIST EN ISO/IEEE 11073-10471:2025

Within the context of the ISO/IEEE 11073 family of standards for device communication, this standard establishes a normative definition of the communication between independent living activity hubs and managers (e.g., cell phones, personal computers, personal health appliances, and set top boxes) in a manner that enables plug-and-play interoperability. It leverages appropriate portions of existing standards, including ISO/IEEE 11073 terminology and information models. It specifies the use of specific term codes, formats, and behaviors in telehealth environments restricting ambiguity in base frameworks in favor of interoperability. This standard defines a common core of communication functionality for independent living activity hubs. In this context, independent living activity hubs are defined as devices that communicate with simple situation monitors (binary sensors), normalize information received from the simple environmental monitors, and provide this normalized information to one or more managers. This information can be examined, for example, to determine when a person’s activities/behaviors have deviated significantly from what is normal for them such that relevant parties can be notified. Independent living activity hubs will normalize information from the following simple situation monitors (binary sensors) for the initial release of the proposed standard: fall sensor, motion sensor, door sensor, bed/chair occupancy sensor, light switch sensor, smoke sensor, (ambient) temperature threshold sensor, personal emergency response system (PERS), and enuresis sensor (bed-wetting).

  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEEE 11073-10472:2025(Main)
Health informatics - Device interoperability - Part 10472: Personal Health Device Communication - Device Specialization - Medication Monitor (ISO/IEEE 11073-10472:2024)
SIST EN ISO/IEEE 11073-10472:2025

Within the context of the ISO/IEEE 11073 family of standards for device communication, this standard establishes a normative definition of the communication between medication monitoring devices and managers (e.g., cell phones, personal computers, personal health appliances, set top boxes) in a manner that enables plug-and-play interoperability. It leverages appropriate portions of existing standards, including ISO/IEEE 11073 terminology, information models and application profile. It specifies the use of specific term codes, formats, and behaviors in telehealth environments restricting ambiguity in base frameworks in favor of interoperability. This standard defines a common core of communication functionality for medication monitors. In this context, medication monitors are defined as devices that have the ability to determine and communicate (to a manager) measures of a user’s adherence to a medication regime.

  • Standard
    82 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEEE 11073-10701:2025(Main)
Health informatics - Device interoperability - Part 10701: Point-of-care medical device communication - Metric provisioning by participants in a Service-oriented Device Connectivity (SDC) system (ISO/IEEE 11073-10701:2024)
SIST EN ISO/IEEE 11073-10701:2025

This standard specifies a set of Participant Key Purposes (PKPs) pertaining to metric data exchange for the Service-oriented Device Connectivity (SDC) series of standards. PKPs are role-based sets of requirements for products in order to support safe, effective, and secure interoperability in medical IT networks at point-of-care environments such as the intensive care unit (ICU), operating room (OR) or other acute care settings. This standard specifies both product development process and technical requirements.

  • Standard
    46 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO/IEEE 11073-10700:2025(Main)
Health informatics - Device interoperability - Part 10700: Point‐of‐care medical device communication - Standard for base requirements for participants in a Service‐oriented Device Connectivity (SDC) system (ISO/IEEE 11073-10700:2024)
SIST EN ISO 11073-10700:2025

This standard specifies the base set of Participant Key Purposes (PKPs) for the Service-oriented Device Connectivity (SDC) series of standards. PKPs are role-based sets of requirements for products in order to support safe, effective, and secure interoperability in medical IT networks at point-of-care environments such as the intensive care unit (ICU), operating room (OR) or other acute care settings. This standard specifies both product development process and technical requirements.

  • Standard
    59 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 27269:2025(Main)
Health informatics - International patient summary (ISO 27269:2025)
SIST EN ISO 27269:2025

This document defines the core data set for a concise international patient summary (IPS), which supports continuity of care for a person and assists with coordination of their care.
This document provides an abstract definition of a patient summary from which derived models are implementable.
This document does not cover the workflow processes of data entry, data collection, data summarization, subsequent data presentation, assimilation, or aggregation. Furthermore, this document does not cover the summarization act itself, i.e. the intelligence, skills and competences, that results in the data summarization workflow. It is not an implementation guide that is concerned with the various technical layers beneath the application layer. Representation by various coding schemes, additional structures and terminologies are not part of this document.

  • Standard
    94 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 17523:2025(Main)
Health informatics - Requirements for electronic prescriptions (ISO 17523:2025)
SIST EN ISO 17523:2025

The scope of this document is constrained to the content of the electronic prescription (ePrescription) itself, the digital document which is issued by a prescribing healthcare professional and received by a dispensing healthcare professional. The prescribed medicinal product is to be dispensed through an authorized healthcare professional with the aim of being administered to a human patient. The ePrescription in the administrative workflow of reimbursement is not covered in this document.
This document specifies the requirements that apply to ePrescriptions. It describes generic principles that are considered important for all ePrescriptions.
This document is applicable to ePrescriptions of medicinal products for human use. Although other kinds of products (e.g. medical devices, wound care products) can be ordered by means of an ePrescription, the requirements in this document are aimed at medicinal products that have a market authorization and at pharmaceutical preparations which are compounded in a pharmacy.
This document does not limit the scope to any setting (community, institutional) and leaves it to the national bodies to decide on this matter.
This document specifies a list of data elements that can be considered as essential for ePrescriptions, depending on jurisdiction or clinical setting (primary healthcare, hospital, etc.). Ensuring the authenticity of these data elements is in scope and will have impact on the requirements of information systems.
Other messages, roles and scenarios (e.g. validation of a prescription, administration, medication charts, EHR of the patient, reimbursement of care and dispensed products) are not covered in this document, because they are country-specific or region-specific, due to differences in culture and in legislation of healthcare. However, requirements and content of ePrescriptions within the context of jurisdictions have a relationship with these scenarios. This document also does not cover the way in which ePrescriptions are made available or exchanged, and the process of prescribing itself.
The logistic process of prescribing itself is not part of the scope. A prescription can either be sent (pushed) to a dispenser or either be retrieved (pulled) at the dispenser. However, the requirement for the prescription is described, that it will be able to function in both environments.

  • Standard
    32 pages
    English language
    sale 10% off
    e-Library read for
    1 day
CEN
EN ISO 10781:2025(Main)
Health Informatics - HL7 Electronic Health Records-System Functional Model, Release 2.1 (EHR FM) (ISO 10781:2023)
SIST EN ISO 10781:2025

This document provides a reference list of functions that may be present in an Electronic Health Record System (EHR-S). The function list is described from a user perspective with the intent to enable consistent expression of system functionality. This EHR-S Functional Model, through the creation of Functional Profiles for care settings and realms, enables a standardized description and common understanding of functions sought or available in a given setting (e.g. intensive care, cardiology, office practice in one country or primary care in another country).

  • Standard
    79 pages
    English language
    sale 10% off
    e-Library read for
    1 day